Spyware, Viruses, & Security forum

General discussion

NEWS - January 11, 2007

by Marianna Schmudlach / January 10, 2007 2:31 PM PST

Port 2968 big rise - related to Symantec AV?

Last Updated: 2007-01-11 04:36:52 UTC
by Jason Lam (Version: 1)
Port 2968 is getting quite a jump recently. Take a look at the graph below.

Read more: http://isc.sans.org/

Discussion is locked
You are posting a reply to: NEWS - January 11, 2007
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - January 11, 2007
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Microsoft: Home Server sports serious security
by Marianna Schmudlach / January 10, 2007 2:43 PM PST

Thursday, 11 January 2007, 1:15 AM CET

Microsoft's upcoming Windows Home Server software will include security features taken from its enterprise-grade Windows Server 2003 software, but will not work as a central distributor for patches to PCs on the home network, a Microsoft executive said Wednesday.

Read more: http://www.net-security.org/news.php?id=13231

Collapse -
Microsoft confirms NSA's role in Vista security
by Marianna Schmudlach / January 10, 2007 2:44 PM PST

Thursday, 11 January 2007, 12:27 AM CET

The NSA's involvement with Windows Vista -- which was confirmed by Microsoft this week -- is not the first time the NSA has provided guidance to Redmond. The NSA previously collaborated with Microsoft on the best methods to secure Windows XP and Windows 2000. The agency also has been credited with reviewing the Vista Security Guide published on Microsoft's Web site.

http://www.net-security.org/news.php?id=13226

Collapse -
New PayPal key to help thwart phishers
by Donna Buenaventura / January 10, 2007 6:10 PM PST

Additional password-generating security measure should be opened to beta users within the next month

Over the next few months, Ebay will be offering its PayPal users a new tool in the fight against phishers: a $5 security key.

The security key is actually a small electronic device, designed to clip on to a keychain, that calculates a new numeric password every 30 seconds. PayPal users who sign up to use the device will need to enter their regular passwords as well as the number displayed on the key whenever they log in to the online payment service.

http://www.infoworld.com/article/07/01/10/HNpaypalphishers_1.html

Collapse -
Free hacker scan for universities, nonprofits
by Donna Buenaventura / January 10, 2007 6:35 PM PST

Acunetix is offering universities and nonprofit organizations a free Web site security scan and reporting service

Web application security vendor Acunetix Wednesday announced it would make available for free a Web site security scan and reporting service to universities and nonprofit organizations.

http://www.networkworld.com/news/2007/011007-acunetix-free-scan.html

Collapse -
Open source to go under the radar in 2007
by Marianna Schmudlach / January 11, 2007 12:29 AM PST

Posted by Dana Blankenhorn

We are only two weeks into 2007 and one trend already seems clear.
Open source will fly under the radar in 2007.

The media explosion that hit after the realization Linux was competitive with Windows in the server business and the SCO suit is getting old.

New stories have replaced it. Windows Vista. The Apple iPhone (or whatever). Wireless gadgets of all types are now the official story of the decade.

Open source, by contrast, is for geeks.

Read more: http://blogs.zdnet.com/open-source/?p=905

Collapse -
Next versions of Internet Explorer, Firefox taking shape
by Marianna Schmudlach / January 11, 2007 12:31 AM PST

Posted by Mary Jo Foley

Microsoft and the Mozilla Foundation are pushing ahead with their respective next versions of their Web browsers. Their methods are different, but many of their priorities are ? at least in theory ? quite similar.

The Mozilla Foundation has published to a public wiki a list of its developers' plans for Firefox 3 (code-named "Gran Paradiso). Gran Paradiso is slated to be available in the third/fourth quarter of 2007 timeframe.

Microsoft disclosed last summer that the IE team is working on the next two releases of Internet Explorer (IE). But the company isn't expected to show a prototype of its work until the Microsoft Mix '07 conference in late April 2007.

Read more: http://blogs.zdnet.com/microsoft/?p=196

Collapse -
Bug eats into Apple security patch software
by Marianna Schmudlach / January 11, 2007 12:47 AM PST

Apple bug project finds a vulnerability in rival group's software

Matt Chapman, vnunet.com 11 Jan 2007

The group behind the Month of Apple Bugs (Moab) project has found a flaw in software designed to fix security issues on Apple Macs.

The vulnerability affects the Application Enhancer (Ape) software, which was designed by a rival group trying to combat the flaws highlighted by Moab.

The bug could allow malicious users on a local system to replace Ape's binary code and take control of the root privileges on a computer.

Read more: http://www.vnunet.com/vnunet/news/2172335/apple-flaw-found-security-patch

Collapse -
IT security experts warn of phishing kit peril
by Marianna Schmudlach / January 11, 2007 12:49 AM PST

Universal Man-in-the-Middle phishing kit discovered by RSA

Robert Jaques, vnunet.com 11 Jan 2007

Security experts have warned that a previously undocumented phishing kit is being sold and used online by fraudsters.

The newly uncovered Universal Man-in-the-Middle Phishing Kit is designed to allow cyber-criminals to create sophisticated attacks against global organisations in which the victims communicate with a legitimate website via a fraudulent URL.

Security firm RSA's Anti-Fraud Command Center warned that this allows the fraudster to capture victims' personal information in real time.


Read more: http://www.vnunet.com/vnunet/news/2172366/security-experts-warn-phishing

Collapse -
Microsoft Patches Mac Office
by Marianna Schmudlach / January 11, 2007 3:03 AM PST

The updates to Office 2004 for Mac and Office v.X for Mac released Tuesday patched five vulnerabilities in the suites' Excel spreadsheet.

By Gregg Keizer
InformationWeek

Jan 11, 2007 11:44 AM

Microsoft updated its Office suite for the Mac to quash several bugs in the Excel spreadsheet and get the software ready for new Daylight Savings Time rules that go into effect in March.

The updates to Office 2004 for Mac and Office v.X for Mac released Tuesday patched five vulnerabilities in the suites' Excel spreadsheet that could let attackers hijack a computer by duping users into opening malformed worksheets. Microsoft ranked the flaws as "important," the second-most dangerous rating in its four-level threat scoring system. These updates, said Microsoft, include "fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer's memory with malicious code."

The Redmond, Wash., developer also patched the Windows versions of Excel Tuesday.

Read more: http://www.informationweek.com/story/showArticle.jhtml?articleID=196900152&cid=RSSfeed_IWK_Security

Collapse -
Google annoys Web site owners with malware alerts
by Marianna Schmudlach / January 11, 2007 3:05 AM PST

They say their sites are just fine

Jeremy Kirk

January 11, 2007 (IDG News Service) -- Some Web site operators are complaining that Google Inc. is flagging their sites as containing malicious software, when they believe their sites are harmless.

At issue is an "interstitial" page that appears after a user has clicked on a link within Google's search engine results. If Google believes a site contains malware, the page will appear, saying "Warning -- visiting this Web site may harm your computer!"

Google does not block access to the sites, but a user would have to manually type in a Web site address to continue. Organizations are complaining their sites do not contain malicious software, and say the warning is embarrassing.

"We have no bad software or installs or anything that would indicate a need to ban people from viewing our site," wrote Matt Blatchley, who works for the Greenbush Southeast Kansas Education Service Center, in a posting last Friday to Google Groups.

Google's warning page contains a link to stopbadware.org, a project designed to study legal and technical issues concerning spyware, adware and other malicious software.

Read more: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9007822&source=rss_topic17

Collapse -
'Month of Apple Bugs' turns up 10 vulnerabilities -- so far
by Marianna Schmudlach / January 11, 2007 5:59 AM PST

There's more to come, says one of the researchers behind the effort

Jaikumar Vijayan

January 11, 2007 (Computerworld) -- A month-long campaign by two independent security researchers to disclose security flaws in Apple Inc.'s products has so far resulted in 10 vulnerabilities being publicly disclosed -- and several more on the verge of being announced. Exploit information has also been published, along with proof-of-code detailing how to take advantage of the flaws, several of which were described as being remotely exploitable by the researchers.

The disclosures are part of a Month of Apple Bugs (MoAB) effort launched on Jan. 1 by independent security researcher Kevin Finisterre and another researcher identified only by the initials LMH.

Read more: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9007883&source=rss_topic17

Collapse -
Mac flaw puts Safari surfers at risk
by Marianna Schmudlach / January 11, 2007 6:02 AM PST

By Dawn Kawamoto, CNET News.com
Published on ZDNet News: January 11, 2007, 11:54 AM PT


ZDNet Tags: Mac OS, Security threats, Apple Computer Inc
A serious security flaw in Mac OS X opens machines with Apple's Safari Web browser to hijack by outsiders, Secunia has warned.

The vulnerability and "proof of concept" code to exploit it were released on Wednesday as part of the Month of Apple Bugs project. It affects Mac OS X 10.4.8, the most recent version of Apple's operating system and, possibly, previous versions, security researcher LMH said in the posting on MOAB's Web site.

The flaw can be exploited if the Mac user has enabled an option in Safari to "open safe files after downloading," Secunia said in an advisory Thursday. The security company has rated the problem "highly critical."

Read more: http://news.zdnet.com/2100-1009_22-6149498.html

Collapse -
CA backup and recovery solution contains flaws
by Marianna Schmudlach / January 11, 2007 10:17 AM PST

Dan Kaplan Jan 11 2007 22:34
Two vulnerabilities were reported today in a CA backup and recovery solution that, if exploited, could allow an attacker to execute remote code and gain unauthorized administrative privileges.


The flaws, discovered by the X-Force research and development team at IBM Internet Security Systems (ISS), are found in CA Brightstor ARCserve, a storage solution largely deployed by small- and medium-size businesses.

According to IBM ISS advisories released today, the two bugs are similar and can be exploited through a stack-based buffer overflow. This could lead to the exposure of confidential information, loss in productivity and a compromised network.

Read more: http://www.scmagazine.com/us/news/article/625762/ca-backup-recovery-solution-contains-flaws/

Collapse -
Vulnerability reported in Snort intrusion prevention system
by Marianna Schmudlach / January 11, 2007 10:18 AM PST

Dan Kaplan Jan 11 2007 21:36
Researchers from the University of Wisconsin in Madison have discovered a vulnerability in open-source intrusion prevention technology Snort which can be exploited to launch a DoS attack.


Vulnerability tracking firm Secunia graded the flaw "less critical," according to an advisory released today. The rule-matching algorithm of Snort can be exploited remotely to run time-consuming operations that cannot be detected and can lead to a DoS condition, the advisory explained.

The bug was reported in version 2.4.3.

Users are urged to update to the latest version.

Read more: http://www.scmagazine.com/us/news/article/625759/vulnerability-reported-snort-intrusion-prevention-system/

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

FALL TV PREMIERES

Your favorite shows are back!

Don’t miss your dramas, sitcoms and reality shows. Find out when and where they’re airing!